标签:key over account tag smooth target /tmp any ros
2018-01-31 10:11:56说明:本文中私有仓库的ip地址为10.10.172.203:5000,操作系统为CentOS7.2;
服务端:10.10.172.203/24
第一步:
1,从Docker官方仓库里下载registry镜像
2、docker images命令查看本地镜像;
默认情况下,会将私有仓库存放于容器内的/tmp/registry目录下,这样如果容器被删除,则存放于容器中的镜像也会丢失。
所以一般情况下会指定本地一个目录挂载到容器内的/tmp/registry下,命令如下:
#docker run -d -it --restart always --name docker-hub -p 5000:5000 -v /docker-hub/registry:/var/lib/registry registry
由上可以看到,已经启动了一个容器,地址为:10.10.172.203:5000。
3、由于仓库与客户端的https问题,需要修改/usr/lib/systemd/system/docker.service文件,添加 ExecStart=/usr/bin/dockerd --registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000
[root@docker ~]# cat /usr/lib/systemd/system/docker.service[Unit]Description=Docker Application Container EngineDocumentation=https://docs.docker.comAfter=network-online.target firewalld.serviceWants=network-online.target
[Service]Type=notify# the default is not to use systemd for cgroups because the delegate issues still# exists and systemd currently does not support the cgroup feature set required# for containers run by dockerExecStart=/usr/bin/dockerd --storage-driver=devicemapper --storage-opt=dm.thinpooldev=/dev/mapper/docker-thinpool --storage-opt dm.use_deferred_removal=true
--registry-mirror=http://019a7061.m.daocloud.io --insecure-registry 10.10.172.203:5000
ExecReload=/bin/kill -s HUP $MAINPID# Having non-zero Limit*s causes performance problems due to accounting overhead# in the kernel. We recommend using cgroups to do container-local accounting.LimitNOFILE=infinityLimitNPROC=infinityLimitCORE=infinity# Uncomment TasksMax if your systemd version supports it.# Only systemd 226 and above support this version.#TasksMax=infinityTimeoutStartSec=0# set delegate yes so that systemd does not reset the cgroups of docker containersDelegate=yes# kill only the docker process, not all processes in the cgroupKillMode=process# restart the docker process if it exits prematurelyRestart=on-failureStartLimitBurst=3StartLimitInterval=60s
[Install]WantedBy=multi-user.target[root@docker ~]# 或者
[root@docker ~]# cat /etc/docker/daemon.json{"registry-mirrors": ["http://df98fb04.m.daocloud.io"],"insecure-registries":["10.10.172.203:5000"]
}[root@docker ~]#
重新加载docker服务[root@docker ~]# systemctl daemon-reload[root@docker ~]# systemctl restart docker
注:因为Docker从1.3.X之后,与docker registry交互默认使用的是https,然而此处搭建的私有仓库只提供http服务,所以当与私有仓库交互时就会报上面的错误。为了解决这个问题需要在启动docker server时增加启动参数为默认使用http访问。需要在docker的配置文件/etc/sysconfig/docker (ubuntu系统中的docker配置文件时/etc/default/docker )添加参数“--insecure-registry=10.10.172.203:5000”。
温馨提示:这个是在客户机的docker配置文件里添加的(即上传镜像到私有仓库里或从私有仓库下载镜像的客户机)。4、重新启动docker。(如果是在虚拟机中运行,重启一下虚拟机,要不然还是使用其他机器访问此仓库还是会有https的问题)
1 | # systemctl restart docker |
5、docker tag将镜像打tag,语法格式如下
docker tag <image_name> <registry_ip>:5000/<image_name>:<version> |
1 |
|
1 2 3 4 5 | [root@docker ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZEregistry latest d1fd7d86a825 3 weeks ago 33.3MB10.10.172.203:5000/centos7 latest ff426288ea90 3 weeks ago 207MBcentos latest ff426288ea90 3 weeks ago 207MB |
6、镜像的上传与下载,语法格式如下
1 2 | docker push <registry_ip>:5000/<image_name>:<version>;上传镜像至私有仓库docker pull <registry_ip>:5000/<image_name>:<version>;从私有仓库pull镜像 |
1 | # docker push 10.10.172.203:5000/centos7 |
1 2 3 4 5 | [root@docker ~]# docker push 10.10.172.203:5000/centos7The push refers to repository [10.10.172.203:5000/centos7]e15afa4858b6: Pushed latest: digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbe size: 529[root@docker ~]# |
7、使用curl 10.10.172.203:5000/v2/_catalog 查看仓库中的镜像情况
1 2 3 | [root@docker ~]# curl 10.10.172.203:5000/v2/_catalog{"repositories":["centos7"]}[root@docker ~]# |
注意查看镜像方法(docker pull registry:2.1.1):
1 2 | # curl -XGET http://registry_ip:5000/v2/_catalog# curl -XGET http://registry_ip:5000/v2/image_name/tags/list |
客户端下载私有仓库镜像:
配置docker信任私有仓库地址(http)
1 2 3 4 5 | [root@localhost ~]# cat /etc/docker/daemon.json {"registry-mirrors": ["http://df98fb04.m.daocloud.io"],"insecure-registries":["10.10.172.203:5000"]} |
2.查看客户端本机镜像列表
1 2 3 | [root@localhost ~]# docker images REPOSITORY TAG IMAGE ID CREATED SIZEcentos latest ff426288ea90 3 weeks ago 207MB |
3.从私有仓库下载centos镜像
1 2 3 4 5 | [root@localhost ~]# docker pull 10.10.172.203:5000/centos7Using default tag: latestlatest: Pulling from centos7Digest: sha256:7e94d6055269edb455bcfb637292573117e4a8341e9b9abbc09b17d8aafe8fbeStatus: Downloaded newer image for 10.10.172.203:5000/centos7:latest |
4.再次查看客户端本机镜像列表
1 2 3 4 5 | [root@localhost ~]# docker imagesREPOSITORY TAG IMAGE ID CREATED SIZE10.10.172.203:5000/centos7 latest ff426288ea90 3 weeks ago 207MBcentos latest ff426288ea90 3 weeks ago 207MB[root@localhost ~]# |
总结:使用企业内部私有镜像仓库中的镜像,大大节省了镜像下载的时间。
标签:key over account tag smooth target /tmp any ros
原文地址:http://blog.51cto.com/douya/2134268
